Hackse
Hello everyone,
I recently noticed that spam is presumably being sent through my domain. There are many unknown users that have my domain and their (unfamiliar) names as the sender.
Here is an example:
Code:
Dec 16 11:49:54 meine_domain postfix/submission/pickup[7380]: 31381B80684: uid=33 from=<christian_acevedo@meine_domain.com>
Dec 16 11:49:54 meine_domain postfix/submission/cleanup[7397]: 31381B80684: message-id=<17be82cdc58be67cf12f0b884f08123e@meine_domain.com>
Dec 16 11:49:54 meine_domain opendkim[3066]: 31381B80684: no signing table match for 'christian_acevedo@meine_domain.com'
Dec 16 11:49:54 meine_domain postfix/submission/smtp[7361]: 4B65BB8056E: to=<hbrown01@charter.net>, relay=mx1.charter.net[68.114.188.69]:25, delay=0.95, delays=0.13/0/0.45/0.37, dsn=2.0.0, status=sent (250 2.0.0 Lapt1u01u30MVas01apt2z mail accepted for delivery E0000)
As I understand my configuration, only authenticated users should be able to send mail, so I am admittedly a bit puzzled.
master.cf
Code:
smtp inet n - - - - smtpd -o smtp_bind_address=188.138.82.139
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp -o smtp_bind_address=188.138.82.139
relay unix - - - - - smtp -o smtp_bind_address=188.138.82.139
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
policy-spf unix - n n - - spawn
  user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
# Amavis
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
# Second postfix instance
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_header_body_checks
main.cf
Code:
# Base config
myhostname = mail.meine_domain
myorigin = /etc/mailname
mydestination = $myhostname, $mydomain, localhost, localhost.$mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relay_domains = $mydestination
syslog_name=postfix/submission
# Aliases / Recipients
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
# SSL/TLS
smtpd_tls_cert_file=/etc/ssl/certs/meine_domain.pem
smtpd_tls_key_file=/etc/ssl/private/meine_domain.key
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_enforce_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_wrappermode=no
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sasl_auth_enable=yes
milter_macro_daemon_name=ORIGINATING
# Security and Anti-Spam config
policy-spf_time_limit = 3600s
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_client_restrictions = permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_data_restrictions =
  reject_unauth_pipelining
# DKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
# Amavis content filter
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
Greetz
Hackse
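
Added example, not part of the original post: the `pickup` line with `uid=33` in the log above records mail handed to Postfix locally (through the `sendmail` command), a path on which the `smtpd` restrictions and SASL authentication are not applied. The Python script below groups such lines by submitting uid; the sample log, the function names and the `max_senders` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the pickup line Postfix writes for every message injected locally
# (sendmail command / maildrop queue). Such mail never passes through smtpd,
# so smtpd_*_restrictions and SASL authentication are not applied to it.
# The optional middle part covers a custom syslog_name such as
# "postfix/submission".
PICKUP_RE = re.compile(
    r"postfix(?:/[\w-]+)?/pickup\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>"
)

def local_injections(lines):
    """Group locally injected messages by the Unix uid that submitted them."""
    by_uid = defaultdict(lambda: {"messages": 0, "senders": set()})
    for line in lines:
        m = PICKUP_RE.search(line)
        if m:
            entry = by_uid[int(m["uid"])]
            entry["messages"] += 1
            entry["senders"].add(m["sender"].lower())
    return dict(by_uid)

def suspicious_uids(by_uid, max_senders=2):
    """Return uids that injected mail under more than max_senders addresses.

    max_senders is an assumed threshold: a web application normally sends
    from one or two fixed addresses, so many different sender names from a
    single uid points at a script on the host generating mail.
    """
    return sorted(u for u, e in by_uid.items() if len(e["senders"]) > max_senders)

# Constructed sample log, modelled on the format of the lines in the post.
SAMPLE_LOG = """\
Dec 16 11:49:54 host postfix/submission/pickup[7380]: 31381B80684: uid=33 from=<user_a@example.com>
Dec 16 11:49:55 host postfix/submission/pickup[7380]: 4A1C2B80685: uid=33 from=<user_b@example.com>
Dec 16 11:49:57 host postfix/submission/pickup[7380]: 5B2D3B80686: uid=33 from=<user_c@example.com>
Dec 16 11:50:01 host postfix/submission/pickup[7380]: 6C3E4B80687: uid=33 from=<User_A@example.com>
Dec 16 11:50:02 host postfix/pickup[7380]: 7D4F5B80688: uid=0 from=<root>
Dec 16 11:50:03 host postfix/submission/smtpd[7401]: 8E506B80689: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Dec 16 11:50:04 host postfix/submission/smtp[7361]: 4A1C2B80685: to=<rcpt@example.net>, relay=mx.example.net[192.0.2.25]:25, dsn=2.0.0, status=sent (250 ok)
"""

if __name__ == "__main__":
    report = local_injections(SAMPLE_LOG.splitlines())
    for uid in suspicious_uids(report):
        print(uid, report[uid]["messages"], sorted(report[uid]["senders"]))
```

A flagged uid can be resolved with `getent passwd <uid>`; on Debian-based systems uid 33 is normally the web server account `www-data`.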